package cn.ibizlab.util.security;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.stereotype.Component;

/**
 * 全局security安全配置 (用于设置spring security与OAuth2两种模式下的安全配置)
 */
@Component
public class GlobalSecurityConfig {

    @Value("${ibiz.auth.path:v7/login}")
    private String loginPath;

    @Value("${ibiz.auth.logoutpath:v7/logout}")
    private String logoutPath;

    @Value("${ibiz.file.uploadpath:ibizutil/upload}")
    private String uploadpath;

    @Value("${ibiz.file.downloadpath:ibizutil/download}")
    private String downloadpath;

    @Value("${ibiz.file.previewpath:ibizutil/preview}")
    private String previewpath;

    @Value("${ibiz.auth.excludesPattern:}")
    private String[] excludesPattern;

    public void configure(HttpSecurity httpSecurity) throws Exception {

        httpSecurity
                // 过滤请求
                .authorizeRequests()
                .antMatchers(
                        HttpMethod.GET,
                        "/*.html",
                        "/**/*.html",
                        "/**/*.css",
                        "/**/*.js",
                        "/**/*.png",
                        "/**/*.ttf",
                        "/**/*.woff",
                        "/**/*.eot",
                        "/**/*.woff2",
                        "/**/*.ico",
                        "/**/assets/**",
                        "/**/css/**",
                        "/**/fonts/**",
                        "/**/js/**",
                        "/**/img/**",
                        "/",
                        "webjars/**",
                        "/swagger-resources/**",
                        "/v2/**",
                        "/v3/**"
                ).permitAll()
                //放行登录请求
                .antMatchers( HttpMethod.POST, "/"+loginPath).permitAll()
                .antMatchers( HttpMethod.POST, "/auths/login").permitAll()
                .antMatchers( HttpMethod.GET, "/"+logoutPath).permitAll()
                .antMatchers( "/v7/*/logout").permitAll()
                .antMatchers( "/auths/*/logout").permitAll()
                .antMatchers( "/auths/*/refresh_token").permitAll()
                .antMatchers( "/auths/*/loaduserbyusername").permitAll()
                .antMatchers( "/auths/*/loaduserandtokenbyusername").permitAll()
                .antMatchers( "/auths/*/load_user_by_username").permitAll()
                .antMatchers( "/auths/signaturekey").permitAll()
                .antMatchers( "/auths/signature_key").permitAll()
                .antMatchers( "/auths/publickey").permitAll()
                .antMatchers( "/auths/public_key").permitAll()
                .antMatchers( "/auths/**/orginfo").permitAll()
                .antMatchers( "/**/cache_evict").permitAll()
                .antMatchers("/sys_active_directories/*/items").permitAll()
                .antMatchers("/sys_organizations/all").permitAll()
                .antMatchers("/sys_organizations/**/options").permitAll()
                .antMatchers("/sys_organizations/**/parentids").permitAll()
                .antMatchers("/sys_organizations/**/subids").permitAll()
                .antMatchers("/sys_roles/fetchdefault").permitAll()
                .antMatchers("/sys_role_members/listbyroleids").permitAll()
                .antMatchers("/sys_people/*/info").permitAll()
                .antMatchers( HttpMethod.POST, "/sys_deploy_systems/save").permitAll()
                .antMatchers( HttpMethod.POST, "/sys_deploy_systems/deployresource/**").permitAll()
                .antMatchers("/auths/captcha").permitAll()
                .antMatchers("/auths/user-info").permitAll()
                .antMatchers("/auths/register").permitAll()
                .antMatchers("/auths/sendsmscode").permitAll()
                //第三方登录
                .antMatchers("/open_accesses/**/getauthorizationuri").permitAll()
                .antMatchers("/auths/loginbycode").permitAll()
                .antMatchers("/auths/bind").permitAll()
                .antMatchers("/auths/socialregister").permitAll()
                //短信验证码登录
                .antMatchers("/auths/mobilelogin").permitAll()

                // 文件操作
                .antMatchers("/"+downloadpath+"/**").permitAll()
                .antMatchers("/"+uploadpath).permitAll()
                .antMatchers("/"+previewpath+"/**").permitAll()
                //oauth2授权登录页端点
                .antMatchers("/login").permitAll();

        for (String excludePattern : excludesPattern) {
            httpSecurity.authorizeRequests().antMatchers(excludePattern).permitAll();
        }

        httpSecurity.authorizeRequests().anyRequest().authenticated();
    }
}
